updated bouncycastle version to 1.78.1 to fix CVE #10444

Merged (1 commit) on Aug 15, 2024

Contributor

@aswinayyolath aswinayyolath commented Aug 14, 2024

Type of change

  • Task

Description

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (bcpkix-jdk18on version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-29857 | High | 7.5 | bcprov-jdk18on-1.76.jar | Transitive | 1.78 | |
| CVE-2024-30172 | Medium | 5.9 | bcprov-jdk18on-1.76.jar | Transitive | N/A* | |
| CVE-2024-30171 | Medium | 5.3 | bcprov-jdk18on-1.76.jar | Transitive | 1.78 | |

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update CHANGELOG.md
  • Supply screenshots for visual changes, such as Grafana dashboards

Signed-off-by: Aswin A <aswin6303@gmail.com>
@ppatierno ppatierno requested a review from a team August 14, 2024 09:39
@ppatierno ppatierno added this to the 0.43.0 milestone Aug 14, 2024
@ppatierno
Member

@aswinayyolath I know this is a pretty simple PR but the description doesn't make any sense because it's just the template we provide. Can you update it with a more meaningful one please?

@aswinayyolath
Contributor Author

> @aswinayyolath I know this is a pretty simple PR but the description doesn't make any sense because it's just the template we provide. Can you update it with a more meaningful one please?

Sure

@scholzj
Member

scholzj commented Aug 14, 2024

/azp run regression

Azure Pipelines successfully started running 1 pipeline(s).

Member

@scholzj scholzj left a comment

LGTM assuming the regression tests pass.

@scholzj scholzj requested a review from ppatierno August 14, 2024 10:49
@scholzj scholzj merged commit 44ab699 into strimzi:main Aug 15, 2024
21 checks passed
@scholzj
Member

scholzj commented Aug 15, 2024

Thanks for the PR.
